package com.lhl.jwt.security.provider;

import com.auth0.jwt.interfaces.DecodedJWT;
import com.lhl.jwt.excepiton.JwtExpireException;
import com.lhl.jwt.security.service.JwtUserDetailsService;
import com.lhl.jwt.security.token.JwtAuthenticationToken;
import com.lhl.jwt.security.utils.JwtConstant;
import com.lhl.jwt.security.utils.JwtUtils;
import io.swagger.annotations.Api;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;

import java.util.Calendar;

/**
 * @className: com.lhl.jwt.security.provider.JwtAuthenticationProvider
 * @description: jwt认证主要逻辑
 * @author: king
 * @date: 2020-12-21 18:25
 **/
@Api(tags = "JwtAuthenticationProvider", produces = "JwtAuthenticationProvider")
public class JwtAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private JwtUserDetailsService userDetailsService;

    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        DecodedJWT jwt = ((JwtAuthenticationToken) authentication).getToken();
        Assert.notNull(jwt, JwtConstant.TOKEN_NOT_EMPTY);
        //验证token是否过期
        if(jwt.getExpiresAt().before(Calendar.getInstance().getTime()))
            throw new JwtExpireException(JwtConstant.TOKEN_EXPIRE);

        //从缓存或数据库中获取user对象
        String username = jwt.getSubject();

        UserDetails user = userDetailsService.loadUserByUsername(username);
        if (user == null) {
            return null;
        }

        String salt = getSalt(username);
        try {
            JwtUtils.checkJWT(jwt.getToken(), salt, username);
        } catch (Exception e) {
            e.printStackTrace();
            throw new JwtExpireException(JwtConstant.TOKEN_VERIFY_ERROR, e);
        }

        JwtAuthenticationToken token = new JwtAuthenticationToken(user, jwt, user.getAuthorities());
        return token;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.isAssignableFrom(JwtAuthenticationToken.class);
    }
    protected String getSalt(String username) {
        String salt = userDetailsService.getSalt(username);
        if (StringUtils.isBlank(salt)) {
            salt = JwtUtils.TOKEN_SECRET;
        }
        return salt;
    }
    public void setUserDetailsService(JwtUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
}
